The su utility allows a user to run a shell
with the user and group ID of another user without having to log out and in as
that other user.

By default, the environment is unmodified with the exception of
LOGNAME,
HOME,
SHELL, and
USER.
HOME and
SHELL are set to the target login's default
values. LOGNAME and
USER are set to the target login, unless
the target login has a user ID of 0 and the
-l flag was not specified, in which case it
is unmodified. The invoked shell is the target login's. This is the
traditional behavior of su.

If not using -m and the target login has a
user ID of 0 then the PATH variable and
umask value (see umask(2)) are
always set according to the /etc/login.conf
file (see login.conf(5)).

Loop until a correct username and password combination is entered, similar
to login(1). Note that in
this mode target login must be specified
explicitly, either on the command line or interactively. Additionally,
su will prompt for the password even
when invoked by root.

Simulate a full login. The environment is discarded except for
HOME,
SHELL,
PATH,
TERM,
LOGNAME, and
USER.
HOME and
SHELL are modified as above.
LOGNAME and
USER are set to the target login.
PATH is set to the value specified by
the “path” entry in
login.conf(5).
TERM is imported from your current
environment. The invoked shell is the target login's, and
su will change directory to the target
login's home directory.

Leave the environment unmodified. The invoked shell is your login shell,
and no directory changes are made. As a security precaution, if the target
user's shell is a non-standard shell (as defined by
getusershell(3)) and
the caller's real UID is non-zero, su
will fail.

Specify the path to an alternate login shell. You may only override the
shell if you're already root. This option will override the shell even if
the -m option is specified.

The -l and
-m options are mutually exclusive; the last
one specified overrides any previous ones.

If the optional shell arguments are provided on
the command line, they are passed to the login shell of the target login. This
allows it to pass arbitrary commands via the
-c option as understood by most shells.
Note that -c usually expects a single
argument only; you have to quote it when passing multiple words.

If group 0 (normally “wheel”) has users listed then only those
users can su to “root”. It is
not sufficient to change a user's
/etc/passwd entry to add them to the
“wheel” group; they must explicitly be listed in
/etc/group. If no one is in the
“wheel” group, it is ignored, and anyone who knows the root
password is permitted to su to
“root”.

By default (unless the prompt is reset by a startup file) the superuser prompt
is set to “#” to remind one of its
awesome power.